2 Unix SMB/CIFS implementation.
4 Copyright (C) Stefan Metzmacher 2014
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "system/filesys.h"
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "dbwrap/dbwrap.h"
26 #include "dbwrap/dbwrap_rbt.h"
27 #include "dbwrap/dbwrap_open.h"
28 #include "dbwrap/dbwrap_watch.h"
31 #include "auth/gensec/gensec.h"
32 #include "../lib/tsocket/tsocket.h"
33 #include "../libcli/security/security.h"
35 #include "lib/util/util_tdb.h"
36 #include "librpc/gen_ndr/ndr_smbXsrv.h"
38 #include "lib/util/tevent_ntstatus.h"
39 #include "lib/util/iov_buf.h"
41 struct smbXsrv_client_table {
47 struct db_context *db_ctx;
51 static struct db_context *smbXsrv_client_global_db_ctx = NULL;
53 NTSTATUS smbXsrv_client_global_init(void)
55 const char *global_path = NULL;
56 struct db_context *db_ctx = NULL;
58 if (smbXsrv_client_global_db_ctx != NULL) {
63 * This contains secret information like client keys!
65 global_path = lock_path("smbXsrv_client_global.tdb");
66 if (global_path == NULL) {
67 return NT_STATUS_NO_MEMORY;
70 db_ctx = db_open(NULL, global_path,
74 TDB_INCOMPATIBLE_HASH,
75 O_RDWR | O_CREAT, 0600,
81 status = map_nt_error_from_unix_common(errno);
86 smbXsrv_client_global_db_ctx = db_ctx;
93 * We need to store the keys in big endian so that dbwrap_rbt's memcmp
94 * has the same result as integer comparison between the uint32_t
97 * TODO: implement string based key
100 #define SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE 16
102 static TDB_DATA smbXsrv_client_global_id_to_key(const struct GUID *client_guid,
105 TDB_DATA key = { .dsize = 0, };
109 status = GUID_to_ndr_blob(client_guid, talloc_tos(), &b);
110 if (!NT_STATUS_IS_OK(status)) {
113 memcpy(key_buf, b.data, SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE);
116 key = make_tdb_data(key_buf, SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE);
121 static NTSTATUS smbXsrv_client_table_create(TALLOC_CTX *mem_ctx,
122 struct messaging_context *msg_ctx,
123 uint32_t max_clients,
124 struct smbXsrv_client_table **_table)
126 struct smbXsrv_client_table *table;
129 if (max_clients > 1) {
130 return NT_STATUS_INTERNAL_ERROR;
133 table = talloc_zero(mem_ctx, struct smbXsrv_client_table);
135 return NT_STATUS_NO_MEMORY;
138 table->local.max_clients = max_clients;
140 status = smbXsrv_client_global_init();
141 if (!NT_STATUS_IS_OK(status)) {
146 table->global.db_ctx = smbXsrv_client_global_db_ctx;
148 dbwrap_watch_db(table->global.db_ctx, msg_ctx);
154 static int smbXsrv_client_global_destructor(struct smbXsrv_client_global0 *global)
159 static void smbXsrv_client_global_verify_record(struct db_record *db_rec,
163 struct smbXsrv_client_global0 **_g)
168 struct smbXsrv_client_globalB global_blob;
169 enum ndr_err_code ndr_err;
170 struct smbXsrv_client_global0 *global = NULL;
172 TALLOC_CTX *frame = talloc_stackframe();
183 key = dbwrap_record_get_key(db_rec);
185 val = dbwrap_record_get_value(db_rec);
186 if (val.dsize == 0) {
195 blob = data_blob_const(val.dptr, val.dsize);
197 ndr_err = ndr_pull_struct_blob(&blob, frame, &global_blob,
198 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_client_globalB);
199 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
200 NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
201 DBG_WARNING("smbXsrv_client_global_verify_record: "
202 "key '%s' ndr_pull_struct_blob - %s\n",
203 hex_encode_talloc(frame, key.dptr, key.dsize),
209 DBG_DEBUG("client_global:\n");
210 if (DEBUGLVL(DBGLVL_DEBUG)) {
211 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
214 if (global_blob.version != SMBXSRV_VERSION_0) {
215 DBG_ERR("key '%s' use unsupported version %u\n",
216 hex_encode_talloc(frame, key.dptr, key.dsize),
217 global_blob.version);
218 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
223 global = global_blob.info.info0;
225 exists = serverid_exists(&global->server_id);
227 struct server_id_buf tmp;
229 DBG_NOTICE("key '%s' server_id %s does not exist.\n",
230 hex_encode_talloc(frame, key.dptr, key.dsize),
231 server_id_str_buf(global->server_id, &tmp));
232 if (DEBUGLVL(DBGLVL_NOTICE)) {
233 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
236 dbwrap_record_delete(db_rec);
242 *_g = talloc_move(mem_ctx, &global);
247 NTSTATUS smb2srv_client_lookup_global(struct smbXsrv_client *client,
248 struct GUID client_guid,
250 struct smbXsrv_client_global0 **_global)
252 struct smbXsrv_client_table *table = client->table;
253 struct smbXsrv_client_global0 *global = NULL;
254 bool is_free = false;
255 uint8_t key_buf[SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE];
257 struct db_record *db_rec;
259 key = smbXsrv_client_global_id_to_key(&client_guid, key_buf);
261 db_rec = dbwrap_fetch_locked(table->global.db_ctx,
263 if (db_rec == NULL) {
264 DBG_ERR("guid [%s]: Failed to lock key '%s'\n",
265 GUID_string(talloc_tos(), &client_guid),
266 hex_encode_talloc(talloc_tos(), key.dptr, key.dsize));
267 return NT_STATUS_INTERNAL_DB_ERROR;
270 smbXsrv_client_global_verify_record(db_rec,
278 return NT_STATUS_OBJECTID_NOT_FOUND;
285 NTSTATUS smb2srv_client_connection_pass(struct smbd_smb2_request *smb2req,
286 struct smbXsrv_client_global0 *global)
289 enum ndr_err_code ndr_err;
291 struct smbXsrv_connection_pass0 pass_info0;
292 struct smbXsrv_connection_passB pass_blob;
296 pass_info0.initial_connect_time = global->initial_connect_time;
297 pass_info0.client_guid = global->client_guid;
299 reqlen = iov_buflen(smb2req->in.vector, smb2req->in.vector_count);
301 return NT_STATUS_INVALID_BUFFER_SIZE;
304 pass_info0.negotiate_request.length = reqlen;
305 pass_info0.negotiate_request.data = talloc_array(talloc_tos(), uint8_t,
307 if (pass_info0.negotiate_request.data == NULL) {
308 return NT_STATUS_NO_MEMORY;
310 iov_buf(smb2req->in.vector, smb2req->in.vector_count,
311 pass_info0.negotiate_request.data,
312 pass_info0.negotiate_request.length);
314 ZERO_STRUCT(pass_blob);
315 pass_blob.version = smbXsrv_version_global_current();
316 pass_blob.info.info0 = &pass_info0;
318 if (DEBUGLVL(DBGLVL_DEBUG)) {
319 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
322 ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &pass_blob,
323 (ndr_push_flags_fn_t)ndr_push_smbXsrv_connection_passB);
324 data_blob_free(&pass_info0.negotiate_request);
325 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
326 status = ndr_map_error2ntstatus(ndr_err);
330 iov.iov_base = blob.data;
331 iov.iov_len = blob.length;
333 status = messaging_send_iov(smb2req->xconn->msg_ctx,
335 MSG_SMBXSRV_CONNECTION_PASS,
337 &smb2req->xconn->transport.sock, 1);
338 data_blob_free(&blob);
339 if (!NT_STATUS_IS_OK(status)) {
346 static NTSTATUS smbXsrv_client_global_store(struct smbXsrv_client_global0 *global)
348 struct smbXsrv_client_globalB global_blob;
349 DATA_BLOB blob = data_blob_null;
353 enum ndr_err_code ndr_err;
354 bool saved_stored = global->stored;
357 * TODO: if we use other versions than '0'
358 * we would add glue code here, that would be able to
359 * store the information in the old format.
362 if (global->db_rec == NULL) {
363 return NT_STATUS_INTERNAL_ERROR;
366 key = dbwrap_record_get_key(global->db_rec);
367 val = dbwrap_record_get_value(global->db_rec);
369 ZERO_STRUCT(global_blob);
370 global_blob.version = smbXsrv_version_global_current();
371 if (val.dsize >= 8) {
372 global_blob.seqnum = IVAL(val.dptr, 4);
374 global_blob.seqnum += 1;
375 global_blob.info.info0 = global;
377 global->stored = true;
378 ndr_err = ndr_push_struct_blob(&blob, global->db_rec, &global_blob,
379 (ndr_push_flags_fn_t)ndr_push_smbXsrv_client_globalB);
380 global->stored = saved_stored;
381 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
382 status = ndr_map_error2ntstatus(ndr_err);
383 DBG_WARNING("key '%s' ndr_push - %s\n",
384 hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
386 TALLOC_FREE(global->db_rec);
390 val = make_tdb_data(blob.data, blob.length);
391 status = dbwrap_record_store(global->db_rec, val, TDB_REPLACE);
392 if (!NT_STATUS_IS_OK(status)) {
393 DBG_WARNING("key '%s' store - %s\n",
394 hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
396 TALLOC_FREE(global->db_rec);
400 global->stored = true;
402 if (DEBUGLVL(DBGLVL_DEBUG)) {
403 DBG_DEBUG("key '%s' stored\n",
404 hex_encode_talloc(global->db_rec, key.dptr, key.dsize));
405 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
408 TALLOC_FREE(global->db_rec);
413 static NTSTATUS smbXsrv_client_global_remove(struct smbXsrv_client_global0 *global)
415 struct smbXsrv_client_globalB global_blob;
420 * TODO: if we use other versions than '0'
421 * we would add glue code here, that would be able to
422 * store the information in the old format.
425 if (global->db_rec == NULL) {
426 return NT_STATUS_INTERNAL_ERROR;
429 key = dbwrap_record_get_key(global->db_rec);
431 status = dbwrap_record_delete(global->db_rec);
432 if (!NT_STATUS_IS_OK(status)) {
433 DBG_WARNING("key '%s' delete - %s\n",
434 hex_encode_talloc(global->db_rec, key.dptr, key.dsize),
436 TALLOC_FREE(global->db_rec);
439 global->stored = false;
440 if (DEBUGLVL(DBGLVL_DEBUG)) {
441 DBG_DEBUG("key '%s' delete\n",
442 hex_encode_talloc(global->db_rec, key.dptr, key.dsize));
443 NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
446 TALLOC_FREE(global->db_rec);
451 static int smbXsrv_client_destructor(struct smbXsrv_client *client)
455 status = smbXsrv_client_remove(client);
456 if (!NT_STATUS_IS_OK(status)) {
457 DBG_ERR("smbXsrv_client_remove() failed: %s\n",
461 TALLOC_FREE(client->global);
466 static bool smbXsrv_client_connection_pass_filter(struct messaging_rec *rec, void *private_data);
467 static void smbXsrv_client_connection_pass_loop(struct tevent_req *subreq);
469 NTSTATUS smbXsrv_client_create(TALLOC_CTX *mem_ctx,
470 struct tevent_context *ev_ctx,
471 struct messaging_context *msg_ctx,
473 struct smbXsrv_client **_client)
475 struct smbXsrv_client_table *table;
476 struct smbXsrv_client *client = NULL;
477 struct smbXsrv_client_global0 *global = NULL;
479 struct tevent_req *subreq = NULL;
481 status = smbXsrv_client_table_create(mem_ctx,
485 if (!NT_STATUS_IS_OK(status)) {
489 if (table->local.num_clients >= table->local.max_clients) {
491 return NT_STATUS_INSUFFICIENT_RESOURCES;
494 client = talloc_zero(mem_ctx, struct smbXsrv_client);
495 if (client == NULL) {
497 return NT_STATUS_NO_MEMORY;
499 client->ev_ctx = ev_ctx;
500 client->msg_ctx = msg_ctx;
502 client->table = talloc_move(client, &table);
503 table = client->table;
505 global = talloc_zero(client, struct smbXsrv_client_global0);
506 if (global == NULL) {
508 return NT_STATUS_NO_MEMORY;
510 talloc_set_destructor(global, smbXsrv_client_global_destructor);
511 client->global = global;
513 global->initial_connect_time = now;
515 global->server_id = messaging_server_id(client->msg_ctx);
517 table->local.num_clients += 1;
519 talloc_set_destructor(client, smbXsrv_client_destructor);
521 if (DEBUGLVL(DBGLVL_DEBUG)) {
522 struct smbXsrv_clientB client_blob;
524 ZERO_STRUCT(client_blob);
525 client_blob.version = SMBXSRV_VERSION_0;
526 client_blob.info.info0 = client;
528 DBG_DEBUG("client_guid[%s] stored\n",
529 GUID_string(talloc_tos(), &global->client_guid));
530 NDR_PRINT_DEBUG(smbXsrv_clientB, &client_blob);
533 subreq = messaging_filtered_read_send(client, client->ev_ctx, client->msg_ctx,
534 smbXsrv_client_connection_pass_filter,
536 if (subreq == NULL) {
538 return NT_STATUS_NO_MEMORY;
540 tevent_req_set_callback(subreq, smbXsrv_client_connection_pass_loop, client);
546 static bool smbXsrv_client_connection_pass_filter(struct messaging_rec *rec, void *private_data)
548 if (rec->msg_type != MSG_SMBXSRV_CONNECTION_PASS) {
552 if (rec->num_fds != 1) {
556 if (rec->buf.length < SMB2_HDR_BODY) {
560 /* TODO: verify client_guid...? */
565 static void smbXsrv_client_connection_pass_loop(struct tevent_req *subreq)
567 struct smbXsrv_client *client =
568 tevent_req_callback_data(subreq,
569 struct smbXsrv_client);
570 struct smbXsrv_connection *xconn = NULL;
572 struct messaging_rec *rec = NULL;
573 struct smbXsrv_connection_passB pass_blob;
574 enum ndr_err_code ndr_err;
575 struct smbXsrv_connection_pass0 *pass_info0 = NULL;
580 ret = messaging_filtered_read_recv(subreq, talloc_tos(), &rec);
586 ndr_err = ndr_pull_struct_blob(&rec->buf, rec, &pass_blob,
587 (ndr_pull_flags_fn_t)ndr_pull_smbXsrv_connection_passB);
588 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
589 status = ndr_map_error2ntstatus(ndr_err);
590 DBG_WARNING("ndr_pull_struct_blob - %s\n", nt_errstr(status));
594 DBG_DEBUG("MSG_SMBXSRV_CLIENT_CLOSE\n");
595 if (DEBUGLVL(DBGLVL_DEBUG)) {
596 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
599 if (pass_blob.version != SMBXSRV_VERSION_0) {
600 DBG_ERR("ignore invalid version %u\n", pass_blob.version);
601 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
605 pass_info0 = pass_blob.info.info0;
606 if (pass_info0 == NULL) {
607 DBG_ERR("ignore NULL info %u\n", pass_blob.version);
608 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
612 if (!GUID_equal(&client->global->client_guid, &pass_info0->client_guid))
614 DBG_WARNING("client's client_guid [%s] != passed guid [%s]\n",
615 GUID_string(talloc_tos(), &client->global->client_guid),
616 GUID_string(talloc_tos(), &pass_info0->client_guid));
617 if (DEBUGLVL(DBGLVL_WARNING)) {
618 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
623 if (client->global->initial_connect_time !=
624 pass_info0->initial_connect_time)
626 DBG_WARNING("client's initial connect time [%s] (%llu) != "
627 "passed initial connect time [%s] (%llu)\n",
628 nt_time_string(talloc_tos(),
629 client->global->initial_connect_time),
630 (unsigned long long)client->global->initial_connect_time,
631 nt_time_string(talloc_tos(),
632 pass_info0->initial_connect_time),
633 (unsigned long long)pass_info0->initial_connect_time);
634 if (DEBUGLVL(DBGLVL_WARNING)) {
635 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
640 SMB_ASSERT(rec->num_fds == 1);
641 sock_fd = rec->fds[0];
643 DBG_ERR("got connection sockfd[%d]\n", sock_fd);
644 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
645 status = smbd_add_connection(client, sock_fd, &xconn);
646 if (!NT_STATUS_IS_OK(status)) {
649 DBG_ERR("smbd_add_connection => %s\n", nt_errstr(status));
650 NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
655 * Set seq_low to mid received in negprot
657 seq_low = BVAL(pass_info0->negotiate_request.data,
658 SMB2_HDR_MESSAGE_ID);
660 xconn->smb2.client.guid_verified = true;
661 smbd_smb2_process_negprot(xconn, seq_low,
662 pass_info0->negotiate_request.data,
663 pass_info0->negotiate_request.length);
668 subreq = messaging_filtered_read_send(client, client->ev_ctx, client->msg_ctx,
669 smbXsrv_client_connection_pass_filter,
671 if (subreq == NULL) {
673 r = "messaging_read_send(MSG_SMBXSRV_CONNECTION_PASS failed";
674 exit_server_cleanly(r);
677 tevent_req_set_callback(subreq, smbXsrv_client_connection_pass_loop, client);
680 NTSTATUS smbXsrv_client_update(struct smbXsrv_client *client)
682 struct smbXsrv_client_table *table = client->table;
684 uint8_t key_buf[SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE];
687 if (client->global->db_rec != NULL) {
688 DBG_ERR("guid [%s]: Called with db_rec != NULL'\n",
689 GUID_string(talloc_tos(),
690 &client->global->client_guid));
691 return NT_STATUS_INTERNAL_ERROR;
694 key = smbXsrv_client_global_id_to_key(&client->global->client_guid,
697 client->global->db_rec = dbwrap_fetch_locked(table->global.db_ctx,
698 client->global, key);
699 if (client->global->db_rec == NULL) {
700 DBG_ERR("guid [%s]: Failed to lock key '%s'\n",
701 GUID_string(talloc_tos(), &client->global->client_guid),
702 hex_encode_talloc(talloc_tos(), key.dptr, key.dsize));
703 return NT_STATUS_INTERNAL_DB_ERROR;
706 status = smbXsrv_client_global_store(client->global);
707 if (!NT_STATUS_IS_OK(status)) {
708 DBG_ERR("client_guid[%s] store failed - %s\n",
709 GUID_string(talloc_tos(), &client->global->client_guid),
714 if (DEBUGLVL(DBGLVL_DEBUG)) {
715 struct smbXsrv_clientB client_blob;
717 ZERO_STRUCT(client_blob);
718 client_blob.version = SMBXSRV_VERSION_0;
719 client_blob.info.info0 = client;
721 DBG_DEBUG("client_guid[%s] stored\n",
722 GUID_string(talloc_tos(), &client->global->client_guid));
723 NDR_PRINT_DEBUG(smbXsrv_clientB, &client_blob);
729 NTSTATUS smbXsrv_client_remove(struct smbXsrv_client *client)
731 struct smbXsrv_client_table *table = client->table;
733 uint8_t key_buf[SMBXSRV_CLIENT_GLOBAL_TDB_KEY_SIZE];
736 if (client->global->db_rec != NULL) {
737 DBG_ERR("client_guid[%s]: Called with db_rec != NULL'\n",
738 GUID_string(talloc_tos(), &client->global->client_guid));
739 return NT_STATUS_INTERNAL_ERROR;
742 if (!client->global->stored) {
746 key = smbXsrv_client_global_id_to_key(&client->global->client_guid,
749 client->global->db_rec = dbwrap_fetch_locked(table->global.db_ctx,
750 client->global, key);
751 if (client->global->db_rec == NULL) {
752 DBG_ERR("client_guid[%s]: Failed to lock key '%s'\n",
753 GUID_string(talloc_tos(), &client->global->client_guid),
754 hex_encode_talloc(talloc_tos(), key.dptr, key.dsize));
755 return NT_STATUS_INTERNAL_DB_ERROR;
758 status = smbXsrv_client_global_remove(client->global);
759 if (!NT_STATUS_IS_OK(status)) {
760 DBG_ERR("client_guid[%s] store failed - %s\n",
761 GUID_string(talloc_tos(), &client->global->client_guid),
766 if (DEBUGLVL(DBGLVL_DEBUG)) {
767 struct smbXsrv_clientB client_blob;
769 ZERO_STRUCT(client_blob);
770 client_blob.version = SMBXSRV_VERSION_0;
771 client_blob.info.info0 = client;
773 DBG_DEBUG("client_guid[%s] stored\n",
774 GUID_string(talloc_tos(), &client->global->client_guid));
775 NDR_PRINT_DEBUG(smbXsrv_clientB, &client_blob);